The Positive Hack Days — international forum on practical information security.

How much does it take to hack a mobile network?Is electronic government secure
in the era of WikiLeaks and Anonymous?
Is SCADA hacking a Hollywood fiction
or the nowadays reality?Internet banking: is there any chance to win
over the fraudsters?Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Thursday, May 31, 2012

Once Again about Remote Banking Security

There is a specific section in the information security forum Positive Hack Days called Ways to Protect Money taking place in the Digital October Center these days, where leading experts from Russia and other countries speak about the issues of the banking security.

For the $natch competition, we have developed our own remote banking system containing common vulnerabilities detected by the experts of Positive Technologies in the course of such systems analysis.

Participants of the $natch contest were to demonstrate their knowledge and skills in exploiting typical vulnerabilities of the remote banking servers. There was a certain amount of money in our “protected” I-bank (conditions were near to the actual).

The hackers were to detect the remote banking vulnerabilities and use them to withdraw money within a limited time during the second stage of the competition. Participants were awarded with the withdrawn amounts. They could cash out their money from an ATM using the following PHDays cards:

And still there’s more to come! We are going to repeat this competition, but this time the teams of Positive Hack Days CTF will work on protection of the remote banking systems (4 hours to search and eliminate vulnerabilities), and then the Internet users will conduct attacks in the course of the Online HackQuest competition.

On May 31 at 6 p.m. the Internet users will penetrate to the CTF network via VPN and start attacking the remote banking systems.

Transferring money from the accounts of the CTF participants by exploiting remote banking vulnerabilities you can affect the final rating of the teams taking part in PHDays CTF 2012.

Please follow the links for the testing versions of the remote banking systems:

Succeed in the competition as the $natch participants did! Enjoy the battle against the CTF teams and become even more skilled in detecting and exploiting typical vulnerabilities of the remote banking systems!

P. S. It’s worth reminding that the remote banking system has been developed by the experts of Positive Technologies for the purposes of PHDays 2012. It contains typical remote banking vulnerabilities and is not an actual bank system.